chore: basic helm chart

Signed-off-by: Taylor Price <[email protected]>

.github/workflows/update-demo-env.yml

@@ -0,0 +1,32 @@
+name: Update Demo Env
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  copy-tag:
+    runs-on: depot-ubuntu-22.04
+
+    steps:
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Copy to demo tag
+        run: |
+          crane tag ghcr.io/${{ github.repository }}:latest demo
+          crane tag docker.io/obot/${{ github.event.repository.name }}:latest demo

.github/workflows/update-test-env.yml

@@ -0,0 +1,32 @@
+name: Update Test Env
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  copy-tag:
+    runs-on: depot-ubuntu-22.04
+
+    steps:
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Copy to test tag
+        run: |
+          crane tag ghcr.io/${{ github.repository }}:latest test
+          crane tag docker.io/obot/${{ github.event.repository.name }}:latest test

Dockerfile

@@ -43,13 +43,10 @@ ENV PGDATA=/data/postgresql
 COPY --from=build-pgvector /usr/lib/postgresql17/vector.so /usr/lib/postgresql17/
 COPY --from=build-pgvector /usr/share/postgresql17/extension/vector* /usr/share/postgresql17/extension/
 
-RUN apk add --no-cache git python-3.13 py3.13-pip openssh-server npm bash tini procps libreoffice docker
+RUN apk add --no-cache git python-3.13 py3.13-pip npm bash tini procps libreoffice docker
 COPY --chmod=0755 /tools/package-chrome.sh /
 
 RUN /package-chrome.sh && rm /package-chrome.sh
-RUN sed -E 's/^#(PermitRootLogin)no/\1yes/' /etc/ssh/sshd_config -i
-RUN ssh-keygen -A
-RUN mkdir /run/sshd && /usr/sbin/sshd
 COPY encryption.yaml /
 COPY --chmod=0755 run.sh /bin/run.sh
 

chart/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: obot
+description: A Helm chart for Obot
+version: 0.1.0
+appVersion: 1.0.0

chart/templates/_helpers.tpl

@@ -0,0 +1,66 @@
+{{/*
+Return the chart name and version.
+*/}}
+{{- define "obot.chart" -}}
+{{ printf "%s-%s" .Chart.Name .Chart.Version | quote }}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "obot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fullname using the release name and the chart name.
+*/}}
+{{- define "obot.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name (include "obot.name" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create labels for the resources.
+*/}}
+{{- define "obot.labels" -}}
+helm.sh/chart: {{ include "obot.chart" . }}
+{{ include "obot.selectorLabels" . }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create selector labels for the resources.
+*/}}
+{{- define "obot.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "obot.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "obot.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "obot.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Set name of secret to use for credentials
+*/}}
+{{- define "obot.config.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- .Values.config.existingSecret -}}
+{{- else -}}
+{{ .Release.Name }}-config
+{{- end -}}
+{{- end -}}

chart/templates/deployment.yaml

@@ -0,0 +1,132 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "obot.fullname" . }}
+  labels:
+    {{- include "obot.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.updateStrategy }}
+  selector:
+    matchLabels:
+      {{- include "obot.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "obot.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "obot.serviceAccountName" . }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+                - "true"
+          readinessProbe:
+            exec:
+              command:
+                - "true"
+          env:
+            {{- if .Values.config.awsAccessKeyID }}
+            - name: "AWS_ACCESS_KEY_ID"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: awsAccessKeyID
+            {{- end }}
+            {{- if .Values.config.awsRegion }}
+            - name: "AWS_REGION"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: awsRegion
+            {{- end }}
+            {{- if .Values.config.awsSecretAccessKey }}
+            - name: "AWS_SECRET_ACCESS_KEY"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: awsSecretAccessKey
+            {{- end }}
+            {{- if .Values.config.baaahThreadiness }}
+            - name: "BAAAH_THREADINESS"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: baaahThreadiness
+            {{- end }}
+            {{- if .Values.config.githubAuthToken }}
+            - name: "GITHUB_AUTH_TOKEN"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: githubAuthToken
+            {{- end }}
+            {{- if .Values.config.obotServerAuthAdminEmails }}
+            - name: "OBOT_SERVER_AUTH_ADMIN_EMAILS"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: obotServerAuthAdminEmails
+            {{- end }}
+            {{- if .Values.config.obotServerDSN }}
+            - name: "OBOT_SERVER_DSN"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: obotServerDSN
+            {{- end }}
+            {{- if .Values.config.obotServerHostname }}
+            - name: "OBOT_SERVER_HOSTNAME"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: obotServerHostname
+            {{- end }}
+            {{- if .Values.config.obotWorkspaceProviderType }}
+            - name: "OBOT_WORKSPACE_PROVIDER_TYPE"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: obotWorkspaceProviderType
+            {{- end }}
+            {{- if .Values.config.openaiApiKey }}
+            - name: "OPENAI_API_KEY"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: openaiApiKey
+            {{- end }}
+            {{- if .Values.config.workspaceProviderS3BaseEndpoint }}
+            - name: "WORKSPACE_PROVIDER_S3_BASE_ENDPOINT"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: workspaceProviderS3BaseEndpoint
+            {{- end }}
+            {{- if .Values.config.workspaceProviderS3Bucket }}
+            - name: "WORKSPACE_PROVIDER_S3_BUCKET"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "obot.config.secretName" . }}
+                  key: workspaceProviderS3Bucket
+            {{- end }}
+            {{- if .Values.extraEnv }}
+            {{- range $key, $value := .Values.extraEnv }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}

chart/templates/ingress.yaml

@@ -0,0 +1,47 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "obot.fullname" . -}}
+{{- $ingressPaths := .Values.ingress.paths -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+apiVersion: "networking.k8s.io/v1"
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "obot.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+        {{- if $extraPaths }}
+{{ $extraPaths | toYaml | indent 10 }}
+        {{- end }}
+        {{- range $ingressPaths }}
+          - path: {{ or .path . | quote }}
+            pathType: {{ .pathType | quote }}
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  name: http
+        {{- end }}
+  {{- end }}
+{{- end }}

chart/templates/secret.yaml

@@ -0,0 +1,46 @@
+{{- if eq .Values.config.existingSecret "" -}}
+apiVersion: v1
+data:
+  {{- if .Values.config.awsAccessKeyID }}
+  awsAccessKeyID: {{ .Values.config.awsAccessKeyID | b64enc }}
+  {{- end }}
+  {{- if .Values.config.awsRegion }}
+  awsRegion: {{ .Values.config.awsRegion | b64enc }}
+    {{- end }}
+  {{- if .Values.config.awsSecretAccessKey }}
+  awsSecretAccessKey: {{ .Values.config.awsSecretAccessKey | b64enc }}
+    {{- end }}
+  {{- if .Values.config.baaahThreadiness }}
+  baaahThreadiness: {{ .Values.config.baaahThreadiness | b64enc }}
+    {{- end }}
+  {{- if .Values.config.githubAuthToken }}
+  githubAuthToken: {{ .Values.config.githubAuthToken | b64enc }}
+    {{- end }}
+  {{- if .Values.config.obotServerAuthAdminEmails }}
+  obotServerAuthAdminEmails: {{ .Values.config.obotServerAuthAdminEmails | b64enc }}
+    {{- end }}
+  {{- if .Values.config.obotServerDSN }}
+  obotServerDSN: {{ .Values.config.obotServerDSN | b64enc }}
+    {{- end }}
+  {{- if .Values.config.obotServerHostname }}
+  obotServerHostname: {{ .Values.config.obotServerHostname | b64enc }}
+    {{- end }}
+  {{- if .Values.config.obotWorkspaceProviderType }}
+  obotWorkspaceProviderType: {{ .Values.config.obotWorkspaceProviderType | b64enc }}
+    {{- end }}
+  {{- if .Values.config.openaiApiKey }}
+  openaiApiKey: {{ .Values.config.openaiApiKey | b64enc }}
+    {{- end }}
+  {{- if .Values.config.workspaceProviderS3BaseEndpoint }}
+  workspaceProviderS3BaseEndpoint: {{ .Values.config.workspaceProviderS3BaseEndpoint | b64enc }}
+    {{- end }}
+  {{- if .Values.config.workspaceProviderS3Bucket }}
+  workspaceProviderS3Bucket: {{ .Values.config.workspaceProviderS3Bucket | b64enc }}
+    {{- end }}
+kind: Secret
+metadata:
+  labels:
+    {{- include "obot.labels" . | nindent 4 }}
+  name: {{ include "obot.config.secretName" . }}
+type: Opaque
+{{- end -}}